This is the OpenBSD 2.5 release errata & patch list:
For 2.1 errata, please refer here.
For 2.2 errata, please refer here.
For 2.3 errata, please refer here.
For 2.4 errata, please refer here.
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
All architectures
- SECURITY FIX
In cron(8), make sure argv[] is NULL terminated in the fake popen() and
run sendmail as the user, not as root.
A source code patch exists which remedies this problem.
- SECURITY FIX
The procfs and fdescfs filesystems had an overrun in their handling
of uio_offset in their readdir() routines. (These filesystems are not
enabled by default).
A source code patch exists which remedies this problem.
- SECURITY FIX
Stop profiling (see profil(2)) when we execve() a new process.
A source code patch exists which remedies this problem.
- SECURITY FIX
Packets that should have been handled by IPsec may be transmitted
as cleartext. PF_KEY SA expirations may leak kernel resources.
A source code patch exists which remedies this problem.
- SECURITY FIX
In /etc/rc, use mktemp(1) for motd re-writing, and change the find(1)
to use -execdir.
A source code patch exists which remedies this problem.
- SECURITY FIX
Do not permit regular users to chflags(2) or fchflags(2) on character or
block devices which they may currently be the owner of.
A source code patch exists which remedies this problem.
- SECURITY FIX
Cause groff(1) to be invoked with the -S flag, when called by nroff(1),
to avoid various groff features which may be security issues. On the
whole, this is not really a security issue, but it was discussed on
BUGTRAQ as if it is.
A source code patch exists which remedies this problem.
- RELIABILITY FIX
Programs using fts(3) could dump core when given a directory structure
with a very large number of entries.
A source code patch exists which remedies this problem.
- RELIABILITY FIX
Sequence numbers could wrap with TCP_SACK and TCP_NEWRENO, resulting in
failure to retransmit correctly.
A source code patch exists which remedies this problem.
- RELIABILITY FIX
Retransmitted TCP packets could get corrupted when flowing over an
IPSEC ESP tunnel.
A source code patch exists which remedies this problem.
- RELIABILITY FIX
A local user can crash the system by reading a file larger than 64meg
from an ext2fs partition.
A source code patch exists which remedies this problem.
- RELIABILITY FIX
PF_KEY socket operations leak internal kernel resources, so that a
system running an IPsec keymanagement daemon like photurisd or isakmpd
will cause the networking subsystem to stop working after a finite amount
of time.
A source code patch exists which remedies this problem.
i386
- No problems identified yet.
mac68k
sparc
- No problems identified yet.
amiga
- No problems identified yet.
pmax
- No problems identified yet.
arc
- No problems identified yet.
alpha
- No problems identified yet.
hp300
- No problems identified yet.
mvme68k
- No problems identified yet.
powerpc
For 2.1 errata, please refer here.
For 2.2 errata, please refer here.
For 2.3 errata, please refer here.
For 2.4 errata, please refer here.
www@openbsd.org
$OpenBSD: errata.html,v 1.194 1999/08/31 11:43:40 deraadt Exp $